This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/lVpBRIi3PbL0pxFTOHIPsen8YRw.roa
File:                     lVpBRIi3PbL0pxFTOHIPsen8YRw.roa (raw, json)
Hash identifier:          Ck8BBcqupqvNYzNl6UXJrtFbj/DxuvN1NlgRMuprHBc=
Subject key identifier:   95:5A:41:44:88:B7:3D:B2:F4:A7:11:53:38:72:0F:B1:E9:FC:61:1C
Certificate issuer:       /CN=4194d9dde9b9d550ff3497e43683f6880d403323
Certificate serial:       019ADA910482912318B2FB8E0F5AACEF535C
Authority key identifier: 41:94:D9:DD:E9:B9:D5:50:FF:34:97:E4:36:83:F6:88:0D:40:33:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZTZ3em51VD_NJfkNoP2iA1AMyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/lVpBRIi3PbL0pxFTOHIPsen8YRw.roa
Signing time:             Mon 01 Dec 2025 15:38:48 +0000
ROA not before:           Mon 01 Dec 2025 15:38:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62218
IP address blocks:        185.43.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/QZTZ3em51VD_NJfkNoP2iA1AMyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/QZTZ3em51VD_NJfkNoP2iA1AMyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZTZ3em51VD_NJfkNoP2iA1AMyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:da:91:04:82:91:23:18:b2:fb:8e:0f:5a:ac:ef:53:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4194d9dde9b9d550ff3497e43683f6880d403323
        Validity
            Not Before: Dec  1 15:38:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=955a414488b73db2f4a7115338720fb1e9fc611c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9c:57:95:71:bf:4e:4f:db:98:48:c3:6f:a4:
                    24:eb:64:29:a2:82:d6:93:72:fc:0e:5e:36:c9:f5:
                    66:f3:70:ea:ae:05:b4:c4:5c:c3:fb:f2:ba:cb:0e:
                    ee:a5:c2:5d:c8:ab:60:a6:5a:d9:06:0e:1b:3f:53:
                    a4:a4:66:8a:7b:1e:9e:36:b7:da:db:84:ef:90:28:
                    3e:0b:8f:ed:cf:70:3a:9d:dc:9a:40:16:9b:a4:26:
                    3d:56:49:13:e7:9b:41:20:db:96:bc:02:42:21:d6:
                    f7:22:39:01:06:08:fa:b6:0c:74:16:84:5f:f4:23:
                    d1:60:6b:9f:21:6f:57:4f:16:87:e5:a1:68:91:50:
                    02:89:57:2a:bf:e5:84:4c:d1:22:a1:43:b6:b6:33:
                    22:52:6a:f4:85:c8:c3:f5:11:17:37:de:d6:4c:06:
                    5d:16:38:dc:1d:cf:c2:84:b3:07:b9:23:72:0c:74:
                    e6:7b:04:f2:f4:17:a4:a1:7c:0e:18:a7:43:2a:83:
                    c3:91:2a:9b:60:1b:1b:b3:fd:ab:2c:a1:7b:a0:c1:
                    ed:f7:cc:04:30:5e:01:0c:5c:65:cd:5f:c1:da:ca:
                    6a:d5:7c:96:f7:ca:a3:7a:3c:c3:6e:aa:50:9c:9a:
                    14:3b:06:49:4c:b9:ec:6c:5a:d1:a0:77:60:ad:f4:
                    05:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:5A:41:44:88:B7:3D:B2:F4:A7:11:53:38:72:0F:B1:E9:FC:61:1C
            X509v3 Authority Key Identifier:
                keyid:41:94:D9:DD:E9:B9:D5:50:FF:34:97:E4:36:83:F6:88:0D:40:33:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZTZ3em51VD_NJfkNoP2iA1AMyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/lVpBRIi3PbL0pxFTOHIPsen8YRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/4a6a09-3853-454b-ae09-ffa7514fad2e/1/QZTZ3em51VD_NJfkNoP2iA1AMyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:af:3b:05:fa:03:55:2d:68:99:6b:23:db:a4:c7:f1:d7:fc:
         bd:e8:4e:4c:a7:e5:b2:bf:eb:e0:55:53:4d:c1:9b:fc:77:80:
         d8:40:43:f7:c4:ea:76:37:34:0d:50:08:50:d1:11:bb:12:45:
         b7:aa:ba:85:76:86:5e:c6:5e:58:04:29:1d:9b:de:5c:38:c7:
         fd:ae:55:e9:aa:b2:0a:c3:14:6f:e9:87:dd:38:60:78:78:90:
         7e:b8:4c:13:5a:82:24:af:99:6f:dc:d2:b2:d8:0d:6f:a7:f2:
         c5:44:82:a0:bc:5d:a4:fe:06:6b:ee:c3:ea:09:c2:64:74:2e:
         44:7a:06:5a:8d:25:37:57:aa:85:10:62:e5:9b:2b:2c:7b:1b:
         e1:ba:e5:ac:f4:e6:4d:f8:c7:db:4c:c6:69:4b:93:66:4b:cb:
         7e:dd:e9:69:20:d3:1c:49:fb:fb:68:38:a7:8d:9b:04:3d:46:
         33:7f:f3:a4:9b:f0:2c:b5:e2:9b:a5:5d:5c:b8:18:b9:97:73:
         df:52:13:a0:f7:6e:3f:49:71:9e:4a:76:22:50:59:97:76:3f:
         bf:6c:e3:b2:59:48:7f:00:59:b2:4d:4b:6f:e2:9c:b2:06:94:
         80:f4:38:31:79:95:74:55:f8:1c:91:72:e3:14:57:e3:b9:90:
         86:a0:11:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrakQSCkSMYsvuOD1qs71NcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTRkOWRkZTliOWQ1NTBmZjM0OTdlNDM2ODNmNjg4MGQ0
MDMzMjMwHhcNMjUxMjAxMTUzODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTVhNDE0NDg4YjczZGIyZjRhNzExNTMzODcyMGZiMWU5ZmM2MTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJxXlXG/Tk/bmEjDb6Qk62QpooLW
k3L8Dl42yfVm83DqrgW0xFzD+/K6yw7upcJdyKtgplrZBg4bP1OkpGaKex6eNrfa
24TvkCg+C4/tz3A6ndyaQBabpCY9VkkT55tBINuWvAJCIdb3IjkBBgj6tgx0FoRf
9CPRYGufIW9XTxaH5aFokVACiVcqv+WETNEioUO2tjMiUmr0hcjD9REXN97WTAZd
FjjcHc/ChLMHuSNyDHTmewTy9BekoXwOGKdDKoPDkSqbYBsbs/2rLKF7oMHt98wE
MF4BDFxlzV/B2spq1XyW98qjejzDbqpQnJoUOwZJTLnsbFrRoHdgrfQFQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVaQUSItz2y9KcRUzhyD7Hp/GEcMB8GA1UdIwQY
MBaAFEGU2d3pudVQ/zSX5DaD9ogNQDMjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpUWjNlbTUxVkRfTkpma05vUDJpQTFBTXlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80YTZhMDktMzg1My00NTRiLWFlMDkt
ZmZhNzUxNGZhZDJlLzEvbFZwQlJJaTNQYkwwcHhGVE9ISVBzZW44WVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80YTZhMDktMzg1My00NTRiLWFlMDktZmZhNzUxNGZhZDJl
LzEvUVpUWjNlbTUxVkRfTkpma05vUDJpQTFBTXlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuStcMA0G
CSqGSIb3DQEBCwUAA4IBAQA4rzsF+gNVLWiZayPbpMfx1/y96E5Mp+Wyv+vgVVNN
wZv8d4DYQEP3xOp2NzQNUAhQ0RG7EkW3qrqFdoZexl5YBCkdm95cOMf9rlXpqrIK
wxRv6YfdOGB4eJB+uEwTWoIkr5lv3NKy2A1vp/LFRIKgvF2k/gZr7sPqCcJkdC5E
egZajSU3V6qFEGLlmyssexvhuuWs9OZN+MfbTMZpS5NmS8t+3elpINMcSfv7aDin
jZsEPUYzf/Okm/AsteKbpV1cuBi5l3PfUhOg924/SXGeSnYiUFmXdj+/bOOyWUh/
AFmyTUtv4pyyBpSA9DgxeZV0VfgckXLjFFfjuZCGoBFK
-----END CERTIFICATE-----